If the Winbind caches are cold and we look up the user using the UPN, this will result in a user name with REALM+user instead of DOMAIN+user.
Output showing the bug:
$ getent passwd bob1@EARTH.MILKYWAY.SITE
EARTH.MILKYWAY.SITE+bob1:*:100001107:100000513::/home/EARTH.MILKYWAY.SITE/bob1:/bin/bash
(It works if you use: getent passwd EARTH+bob)
Expected output:
$ getent passwd bob1@EARTH.MILKYWAY.SITE
EARTH+bob1:*:100001107:100000513::/home/EARTH/bob1:/bin/bash
Created attachment 14106: patch for 4.7
This is already fixed in Samba 4.8.
Is that really the right patchset? It's about the namemap cache being moved to gencache. How does this help?
The problem before was that if you looked up the user via UPN the REALM ended up in the cache instead of the DOMAIN name (getent passwd bob1@EARTH.MILKYWAY.SITE). You need to remove all cache tdbs to actually reproduce it. If you looked it up via domain name (EARTH+bob1) it worked correctly. You fixed that probably without noticing. And yes, I've bisected it down to that piece of code, backported the patches to v4-7 and verified again that it actually fixed the problem. The patch fixing the issue is actually: [PATCH 8/9] winbindd: Move name<->sid cache to gencache
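A check for the symptom discussed in this report, as an added example that is not part of the bug thread or of Samba's code: it classifies one `getent passwd` line by whether the login name or home directory carries the REALM where the DOMAIN is expected. The function name, the result strings and the default `+` separator argument are assumptions made for the example; the two sample lines are the ones quoted in the report.

```shell
#!/bin/sh
# Added example (not Samba code). Assumed names: classify_entry and its
# result strings; the separator defaults to '+', as in the report's output.

# classify_entry LINE NETBIOS_DOMAIN REALM [SEP]
# Prints one of: ok | realm-in-name | realm-in-home | not-domain
classify_entry() {
    line=$1; domain=$2; realm=$3; sep=${4:-+}
    name=${line%%:*}                              # field 1: login name
    home=$(printf '%s\n' "$line" | cut -d: -f6)   # field 6: home directory

    # Test the realm first: the NetBIOS domain is often a prefix of the
    # realm (EARTH vs EARTH.MILKYWAY.SITE), so the order matters.
    case $name in
        "$realm$sep"*)  echo realm-in-name; return 0 ;;
        "$domain$sep"*) ;;
        *)              echo not-domain;    return 0 ;;
    esac

    # The home directory template expands the same domain string, so a
    # realm path component is a second sign of the same problem.
    case $home in
        */"$realm"/*)   echo realm-in-home; return 0 ;;
    esac
    echo ok
}

# The two lines quoted in the report: cold-cache UPN lookup, then expected.
for l in \
  'EARTH.MILKYWAY.SITE+bob1:*:100001107:100000513::/home/EARTH.MILKYWAY.SITE/bob1:/bin/bash' \
  'EARTH+bob1:*:100001107:100000513::/home/EARTH/bob1:/bin/bash'
do
    printf '%s -> %s\n' "${l%%:*}" \
        "$(classify_entry "$l" EARTH EARTH.MILKYWAY.SITE)"
done
```

On a live host the line would come from `getent passwd bob1@EARTH.MILKYWAY.SITE` run after the cache tdbs have been removed, as described above.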
Created attachment 14133: patch for 4.7
This is a minimal version. However patch 2 is needed for master too.
Comment on attachment 14133: patch for 4.7
This needs more work.
Created attachment 14199: patch for 4.8
Created attachment 14200: patch for 4.7
The 4.7 is not complete, as quite some patches are missing to fully implement that. However it fixes the most serious issue and adds tests. This shows what is not working yet with 4.7.
Pushed to autobuild-v4-{8,7}-test.
Pushed to both branches. Closing out bug report. Thanks!